How worried would you be if several accounts have been set up with your email address?

hawkmoth
Community Member

I have recently found out that accounts at various web sites have been added using my usual email address. Of course, I only know this happens when a new site sends me a message asking me to verify my email address. This is unsettling. But is it really dangerous? In some cases, I've captured those accounts and changed the passwords to prevent the originator from continuing to use them, on the theory that my email address couldn't be used at the sites anymore. But I would suppose that anyone who did this on purpose would try to recover the account by requesting a password reset.

How concerned would you be if this were happening to you on a frequent basis? I'm beginning to wonder if I need to ditch my Gmail account and set up a new one. There is a lot of friction doing that, though. Maybe this doesn't actually matter, but it is happening often enough lately that it is hard to believe it's just a matter of a typo in the email address used to set up those new accounts.


1Password Version: 7.6
Extension Version: 7.6
OS Version: macOS 10.15.7
Sync Type: 1Password Account

Comments

  • MrC
    Volunteer Moderator
    edited September 2020

    @hawkmoth ,

    There was a time when more sophisticated users would attempt to use email variants (plus addressing, throw-away emails, different accounts), in an attempt to control email address distribution and to help defeat spam (and identify spammers) or other nefarious or accidental email usage. Some still try, but in the end, this is generally a lost cause.

    Consider an email address to be a public record; once you've used it, it's available to anyone. You cannot prevent others from inappropriately using Reply All, the companies that readily share contact information, the ISPs / providers who routinely snoop, or the occasional contact-culling malware that may hit your system, or more likely the systems of those who have your email address(es).

    Spam (or more generally unsolicited email) is the scourge of our email system; it's an unavoidable byproduct of our weak, 70's-designed, unsophisticated, trusting email protocols. Best you can do is use email providers that have excellent anti-spam tools (and the big free providers are not on this short-list), and just deal with the spam / unsolicited email best that you can. Accidental, or phishing account sign-ups happen from time to time.

  • @hawkmoth,

    I've had my Gmail account since Gmail was an invite-only service, but surprisingly I only started having problems with two people in the world signing up with my email account. One was a middle-aged German woman who had purchased a Samsung phone, the other a geriatric woman in flyover country who goes to way too many chain restaurants. I have always taken over the accounts and had the services delete them. The flyover person was persistent and signed up again with my email account.

    The problem for me is these people aren't computer literate and don't know their own email addresses.

  • hawkmoth
    Community Member
    edited September 2020

    @rudy - Being geriatric and living in flyover country probably accurately characterizes me. But I do know my email address, which I also have had since Gmail was invitation-only. This is one reason I'd like not to have to change to another email address.

    There are apparently different people using my address to register for various sites. I can't always tell where they are, but today's installment was a new account set up for Pinterest in New Zealand. I decided to capture that one. I've also had signups for accounts for Asian services that I've never heard of.

    @MrC - I know all about spam, of course, but these incidents aren't exactly spam. I am getting requests to confirm my email address to complete registration on these various services. I suppose typographical errors could account for some of this, but it's begun to happen way too often for that to be the explanation. And spam filtering wouldn't be of any use in this case anyway. I do know that email addresses are not private, but it's creepy when people begin to use mine. And creepier still when the frequency of this behavior has climbed recently.

    For the services I've captured from wayward users, I've kept 1Password records for them with "- Fake" added to the record titles.

    I guess I shouldn't consider these events as security threats.

  • MrC
    Volunteer Moderator
    edited September 2020

    Understood.

    I will not respond to unsolicited sign-ups. Someone (or some bot, malware, etc.) may use your email address to initiate registration, or send users phishing emails disguised to look official and legitimate, yet contain URLs that jump off to rogue sites. Almost no users will inspect these; they will blindly follow them. Some of these URLs I've seen are very subtle variants.

    If an account needs your verification before it becomes activated, just toss the mail to the trash and the lack of activation will cause the sign-up attempt to be neutered.

    If someone does somehow manage to register your email to an account, you'll receive follow-up emails from that company, where you can take action.

    So, to me, this is a non-issue, and I certainly would not consider changing email addresses or hosts.

  • MrC
    Volunteer Moderator

    Let me add...

    Users receive spam, sometimes with your email address. This address can appear in their autocomplete suggestions, or on some systems ask to be added to the user's contacts (and they blindly click OK). It then later can be auto-completed or auto-filled too easily, by mistake, due to inattention, fat-fingering, or just plain cluelessness.

    Due to our spammy president and his party, sending myself email often has Siri attempting to use our VP's email address instead of my own.

  • @hawkmoth,

    I've debated calling her to ask her to stop signing up with my email address. Several of the services she's signed up have address/phone information in them. I then decided against that as I would be creeped out if someone called me to ask me to stop signing up with their email address.

  • The problem for me is these people aren't computer literate and don't know their own email addresses.

    This has almost always been the cause every time I've traced one of these to any degree. I have a common first initial and last name. My Gmail address from the invite-only times is pretty easy to come up with. A number of people apparently think it belongs to them.

    Ben

  • danco
    Volunteer Moderator

    I found way back on Gmail that my name was taken already. So I used a variant of it, I think it may have been with a period between my first and last names. Only to find later that Gmail, unlike other providers, did not distinguish between danco and dan.co.

    I simply never used that account and it had no details.

  • Lars
    1Password Alumni

    I'm with @MrC - this just isn't that concerning, as long as you stay on top of it. If someone does that to me (and it's a lot less likely because my name's less common), then I am the one getting the "welcome" or "complete your registration" emails. I'd just make sure nobody had compromised my email account credentials, and if I was pretty sure of that, just stay on top of the new ones that get registered.

This discussion has been closed.